CVE-2026-23048
Use-After-Free Vulnerability in Linux Kernel UDP skb Handling
Publication date: 2026-02-04
Last updated on: 2026-02-04
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's UDP receive path. The issue arises because the standard UDP receive path does not use the skb->destructor, but the skmsg layer does, as it calls skb_set_owner_sk_safe() from udp_read_skb(). This leads to a warning triggered in skb_attempt_defer_free() due to the destructor being set. The fix involves calling skb_orphan() before skb_attempt_defer_free() to prevent this warning and properly handle the skb destructor.
How can this vulnerability impact me? :
The vulnerability causes a warning in the kernel related to skb destructor handling, which could potentially lead to improper memory management or unexpected behavior in the UDP receive path. However, the exact impact on system security or stability is not detailed in the provided information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by ensuring that skb_orphan() is called before skb_attempt_defer_free() in the UDP receive path of the Linux kernel.
To mitigate this vulnerability, update your Linux kernel to a version where this fix has been applied.